Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

Project: psi-probe-rest

com.github.psi-probe:psi-probe-rest:5.3.1-SNAPSHOT

Scan Information (show all):

Summary

Summary of Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
accessors-smart-2.6.0.jarpkg:maven/net.minidev/accessors-smart@2.6.0 043
angus-activation-2.0.3.jarcpe:2.3:a:eclipse:jakarta_mail:2.0.3:*:*:*:*:*:*:*pkg:maven/org.eclipse.angus/angus-activation@2.0.3 0Low35
asm-9.7.1.jarpkg:maven/org.ow2.asm/asm@9.7.1 054
commons-logging-1.3.5.jarpkg:maven/commons-logging/commons-logging@1.3.5 0129
error_prone_annotations-2.45.0.jarpkg:maven/com.google.errorprone/error_prone_annotations@2.45.0 029
j2objc-annotations-3.1.jarpkg:maven/com.google.j2objc/j2objc-annotations@3.1 033
jakarta.activation-api-2.1.4.jarpkg:maven/jakarta.activation/jakarta.activation-api@2.1.4 045
json-path-2.10.0.jarcpe:2.3:a:json-path:jayway_jsonpath:2.10.0:*:*:*:*:*:*:*pkg:maven/com.jayway.jsonpath/json-path@2.10.0 0Highest34
json-smart-2.6.0.jarcpe:2.3:a:json-smart_project:json-smart:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:json-smart_project:json-smart-v2:2.6.0:*:*:*:*:*:*:*		pkg:maven/net.minidev/json-smart@2.6.0 0Highest51
jspecify-1.0.0.jarpkg:maven/org.jspecify/jspecify@1.0.0 032
jsr305-3.0.2.jarpkg:maven/com.google.code.findbugs/jsr305@3.0.2 017
micrometer-commons-1.16.0.jarpkg:maven/io.micrometer/micrometer-commons@1.16.0 065
micrometer-observation-1.16.0.jarpkg:maven/io.micrometer/micrometer-observation@1.16.0 065
slf4j-api-2.0.17.jarpkg:maven/org.slf4j/slf4j-api@2.0.17 029
spotbugs-annotations-4.9.8.jarpkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8 053
spring-core-7.0.1.jarcpe:2.3:a:pivotal_software:spring_framework:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:springsource:spring_framework:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:7.0.1:*:*:*:*:*:*:*		pkg:maven/org.springframework/spring-core@7.0.1 0Highest41
spring-hateoas-3.0.0.jarcpe:2.3:a:vmware:spring_hateoas:3.0.0:*:*:*:*:*:*:*pkg:maven/org.springframework.hateoas/spring-hateoas@3.0.0 0Highest46
spring-plugin-core-4.0.0.jarpkg:maven/org.springframework.plugin/spring-plugin-core@4.0.0 042

Dependencies (vulnerable)

accessors-smart-2.6.0.jar

Description:

Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/minidev/accessors-smart/2.6.0/accessors-smart-2.6.0.jar
MD5: 0ad72639eea293193f68898da9b0b902
SHA1: 2d96f1d9b6ab7f13261aa81b15703574185747a0
SHA256:222c9f547bb20a99fc486403a398352d1306fb671b38abd7ecab6401df170e61
Referenced In Project/Scope: psi-probe-rest:compile
accessors-smart-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.minidev/json-smart@2.6.0

Identifiers

  • pkg:maven/net.minidev/accessors-smart@2.6.0  (Confidence:High)

angus-activation-2.0.3.jar

Description:

 Implementation

License:

http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/runner/.m2/repository/org/eclipse/angus/angus-activation/2.0.3/angus-activation-2.0.3.jar
MD5: ad20392145690b36b4f950fe31a31a2a
SHA1: 7f80607ea5014fef0b1779e6c33d63a88a45a563
SHA256:a6bd35c538cf90fff941ad6258c40c08fca0b5c9c3f536c657114f27ce0527a7
Referenced In Project/Scope: psi-probe-rest:compile
angus-activation-2.0.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/org.eclipse.angus/angus-activation@2.0.3  (Confidence:High)
  • cpe:2.3:a:eclipse:jakarta_mail:2.0.3:*:*:*:*:*:*:*  (Confidence:Low)  

asm-9.7.1.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/9.7.1/asm-9.7.1.jar
MD5: e2cdd32d198ad31427d298eee9d39d8d
SHA1: f0ed132a49244b042cd0e15702ab9f2ce3cc8436
SHA256:8cadd43ac5eb6d09de05faecca38b917a040bb9139c7edeb4cc81c740b713281
Referenced In Project/Scope: psi-probe-rest:compile
asm-9.7.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/net.minidev/json-smart@2.6.0

Identifiers

  • pkg:maven/org.ow2.asm/asm@9.7.1  (Confidence:High)

commons-logging-1.3.5.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well-known logging systems.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.3.5/commons-logging-1.3.5.jar
MD5: 9ca067b073153c86c2da350c0f2cdf70
SHA1: a3fcc5d3c29b2b03433aa2d2f2d2c1b1638924a1
SHA256:6d7a744e4027649fbb50895df9497d109f98c766a637062fe8d2eabbb3140ba4
Referenced In Project/Scope: psi-probe-rest:compile
commons-logging-1.3.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/commons-logging/commons-logging@1.3.5  (Confidence:High)

error_prone_annotations-2.45.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.45.0/error_prone_annotations-2.45.0.jar
MD5: f2a7cb98bc041610f90950b6b38db5a9
SHA1: e4b613b411b934eee185aad72bee4c6148fb8dc3
SHA256:6ba61510e22944e8aec3fe970972d088d8da132a24f2bc817a43c7b70665cc2b
Referenced In Project/Scope: psi-probe-rest:provided
error_prone_annotations-2.45.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/com.google.errorprone/error_prone_annotations@2.45.0  (Confidence:High)

j2objc-annotations-3.1.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.1/j2objc-annotations-3.1.jar
MD5: abe8bd3abff622b9a8b15c3a737aa741
SHA1: a892ca9507839bbdb900d64310ac98256cab992f
SHA256:84d3a150518485f8140ea99b8a985656749629f6433c92b80c75b36aba3b099b
Referenced In Project/Scope: psi-probe-rest:provided
j2objc-annotations-3.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/com.google.j2objc/j2objc-annotations@3.1  (Confidence:High)

jakarta.activation-api-2.1.4.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /home/runner/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.4/jakarta.activation-api-2.1.4.jar
MD5: bc1602eee7bc61a0b86f14bbbb0cc794
SHA1: 9e5c2a0d75dde71a0bedc4dbdbe47b78a5dc50f8
SHA256:c9db52100ce6c8aac95cc39075f95720d2e561b11f8051b81c121ad4effd7004
Referenced In Project/Scope: psi-probe-rest:compile
jakarta.activation-api-2.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/jakarta.activation/jakarta.activation-api@2.1.4  (Confidence:High)

json-path-2.10.0.jar

Description:

A library to query and verify JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/jayway/jsonpath/json-path/2.10.0/json-path-2.10.0.jar
MD5: 7c016fb8e3b06896a2709adbe1c52cca
SHA1: e1a0b2e6db75401181c9c1c64c6d155ca5c6d608
SHA256:890daa95dd3892d34d9fabc27cd5153656e6f369358625c88f4dc7b79cbd6c5a
Referenced In Project/Scope: psi-probe-rest:compile
json-path-2.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

json-smart-2.6.0.jar

Description:

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/net/minidev/json-smart/2.6.0/json-smart-2.6.0.jar
MD5: fde8981f31c3b972355a5adf26a9ec65
SHA1: 5f858a43a325a8673da6869ab2bc787a1bcb2244
SHA256:1ae4b561458afb540be8ec5c6dbb4f2e715a319a7ae64854998aaf924770d61b
Referenced In Project/Scope: psi-probe-rest:compile
json-smart-2.6.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

jspecify-1.0.0.jar

Description:

An artifact of well-named and well-specified annotations to power static analysis checks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/jspecify/jspecify/1.0.0/jspecify-1.0.0.jar
MD5: 9133aba420d0ca3b001dbb6ae9992cf6
SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
SHA256:1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab
Referenced In Project/Scope: psi-probe-rest:compile
jspecify-1.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@3.0.0

Identifiers

  • pkg:maven/org.jspecify/jspecify@1.0.0  (Confidence:High)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: psi-probe-rest:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8

Identifiers

  • pkg:maven/com.google.code.findbugs/jsr305@3.0.2  (Confidence:High)

micrometer-commons-1.16.0.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-commons/1.16.0/micrometer-commons-1.16.0.jar
MD5: 7481e50a8461645429a4763feeb00e53
SHA1: d45ae92945c59eecf485433923fa6a5cf9ce0dbe
SHA256:9655e601f913ad93e2a7e740e998259b36c2844649e5e668bb8f2fe8392bae3f
Referenced In Project/Scope: psi-probe-rest:compile
micrometer-commons-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@3.0.0

Identifiers

  • pkg:maven/io.micrometer/micrometer-commons@1.16.0  (Confidence:High)

micrometer-observation-1.16.0.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/io/micrometer/micrometer-observation/1.16.0/micrometer-observation-1.16.0.jar
MD5: 1f96f27d35e2b447eb622edc29d73ba4
SHA1: 3dc3a2bec5121417b638191b1f3aed16c9764667
SHA256:cd7bc6d61a05edeaf4a503969f65541d2db45ee291eaba1fc9adf3088fe1ca84
Referenced In Project/Scope: psi-probe-rest:compile
micrometer-observation-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@3.0.0

Identifiers

  • pkg:maven/io.micrometer/micrometer-observation@1.16.0  (Confidence:High)

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: psi-probe-rest:compile
slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@3.0.0

Identifiers

  • pkg:maven/org.slf4j/slf4j-api@2.0.17  (Confidence:High)

spotbugs-annotations-4.9.8.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.9.8/spotbugs-annotations-4.9.8.jar
MD5: d4c2e7bd090be697ad409a4e75684a94
SHA1: ca4a2783a6123e67124fd7feb4caccd2e2ac9a73
SHA256:6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
Referenced In Project/Scope: psi-probe-rest:provided
spotbugs-annotations-4.9.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

  • pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8  (Confidence:High)

spring-core-7.0.1.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/spring-core/7.0.1/spring-core-7.0.1.jar
MD5: 798f6814151d863ab88f6186c95b0c50
SHA1: a885a444df1d0777989ec11df84eb3e8e7eee2cd
SHA256:2bceaaa6986c1b993cfdc730ee86367325fe26273f0fe298f5117f775bbb5085
Referenced In Project/Scope: psi-probe-rest:compile
spring-core-7.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@3.0.0

Identifiers

spring-hateoas-3.0.0.jar

Description:

Library to support implementing representations for
		hyper-text driven REST web services.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/hateoas/spring-hateoas/3.0.0/spring-hateoas-3.0.0.jar
MD5: 73d8abaacf057180803395e61bbc303c
SHA1: b1a568225b60941c85a64fff19939e98b7b226e2
SHA256:bd9653fbba0dc2a5e7832094cce7f483a7164c94c349ea532616211e45a1df21
Referenced In Project/Scope: psi-probe-rest:compile
spring-hateoas-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.psi-probe/psi-probe-rest@5.3.1-SNAPSHOT

Identifiers

spring-plugin-core-4.0.0.jar

Description:

Core plugin infrastructure

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/springframework/plugin/spring-plugin-core/4.0.0/spring-plugin-core-4.0.0.jar
MD5: 80e4625c3d89b3b3fe41354880006ea8
SHA1: a461fa99b406277f8a6ed3290536768d5c14bc90
SHA256:5d577d48f06f29d6f3a3935c847a3ee0d035020bd09dc17faf48cba67e88dfda
Referenced In Project/Scope: psi-probe-rest:compile
spring-plugin-core-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.hateoas/spring-hateoas@3.0.0

Identifiers

  • pkg:maven/org.springframework.plugin/spring-plugin-core@4.0.0  (Confidence:High)


This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.